Releases: deep-security/smartcheck-helm
1.2.2
1.2.1
Changelog
- Added support for creating checklist finding overrides, so that findings can be reviewed and suppressed in future scans if they have been mitigated or the risk has been acknowledged
- Added support for running the built-in registry on a port other than 5000
- Fixed chart display issues in Firefox and Edge browsers
- Miscellaneous fixes and improvements
Related news: Check out our updated Jenkins plugin!
1.2.0
Changelog
New features since 1.1.0
Changes since 1.1.9 are highlighted with 🎉
- Initial support for security checklist compliance scanning 🎉
- Initial support for pre-registry scanning 🎉
- Added support for creating vulnerability and content scan overrides, so that findings can be reviewed and suppressed in future scans if they have been mitigated or the risk has been acknowledged
- Added support for SAML single sign-on
- License limits are now enforced: with trial and basic licenses, you can create up to 4 registries. With an advanced license, you can create an unlimited number of registries.
Related news: Check out our new Jenkins plugin and GitHub Action!
Notable changes since 1.1.0
Changes since 1.1.9 are highlighted with 🎉
- Updated dashboard layout 🎉
- Improved finding severity charts for vulnerabilities and content findings
- Updated confirmation dialogs
- Updated API documentation format
- Converted database logging to structured logs for easier processing
- Added SHA256 digests to images in the Helm chart to improve security
- Added support for allowing traffic to registries running on non-standard ports
- Improved security posture: all containers now run as non-root users
- Reduced image sizes
- Upgraded base images to pick up fixes and improvements
- Added support for scanning an image by digest
- Fixed registry filter interpretation: now exclude overrides include 🎉
- Removed support for custom webhook headers
- Lots of miscellaneous fixes and improvements
API change notice
Following our process for breaking API changes, we have taken the next step in removing custom web hook headers from the API. All calls to the web hook header APIs will now result in a 410 Gone response with a Sunset header and the Link rel="sunset" header.
In the future, we'll continue to use this process of publishing a release note, updating the API specification, and including sunset details in the API response before we remove any API methods. It's a good idea to have your client code check for the Sunset response header in all API calls and to look for the Link rel="sunset" response header for a link to a human-readable note like this one.
We'll provide another update as we make progress on the transition to let you know when the web hook header APIs have been completely removed.
If you have any questions or comments on this process, please get in touch! We're always happy to hear from our customers.
1.1.9
Changelog
- Added support for creating vulnerability and content scan overrides, so that findings can be reviewed and suppressed in future scans if they have been mitigated or the risk has been acknowledged
- Converted database logging to structured logs for easier processing
- Added SHA256 digests to images in the Helm chart to improve security
- Miscellaneous fixes and improvements
1.1.8
1.1.7
Changelog
- License limits are now enforced: with trial and basic licenses, you can create up to 4 registries. With an advanced license, you can create an unlimited number of registries.
- Updated dashboard layout
- Fixed panic in SAML identity provider metadata refresh
- Fixed service logs that were getting mis-classified by Google StackDriver
- Miscellaneous fixes and improvements
1.1.6
Changelog
- Improved finding severity charts for vulnerabilities and content findings
- Fixed incorrect API spec for GET /api/identity-providers/saml
- Fixed incorrect sort order for GET /api/scans/{id}/layers/{id}/vulnerabilities
- Reduced image sizes
- Upgraded base images to pick up fixes and improvements
- Miscellaneous fixes and improvements
1.1.5
Features
- Added support for SAML single sign-on
Changelog
- Added support for scanning an image by digest
- Reduced container size for vulnerability-scan service
- Updated API documentation format
- Miscellaneous fixes and improvements
- Marked web hook header APIs as deprecated (see API change notice below)
API change notice
We're simplifying the data model again for Deep Security Smart Check. In the initial release, we thought it would be useful for people to be able to provide custom headers for web hooks. As it turns out, the only thing that people were using them for was authorization, which wasn't a safe thing to do because web hook headers are readable by any user in the system. To make Deep Security Smart Check safer for all, we are marking web hook headers as deprecated in this release and will be removing this capability in the near future.
Check out our wiki article Securing web hooks to learn how to safely secure web hooks.
In the future, we'll continue to use this process of publishing a release note, updating the API specification, and including sunset details in the API response before we remove any API methods. It's a good idea to have your client code check for the Sunset response header in all API calls and to look for the Link rel="sunset" response header for a link to a human-readable note like this one.
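The header check recommended in this notice and in the 1.2.0 notice above, as an added example that is not Smart Check's own code: it takes one response's status and headers and reports whether the method is gone (410), when it sunsets, and where the human-readable note is. The function names, the sample date and the example.com URL are assumptions made for illustration.

```python
import re
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

def parse_link_header(value):
    """Return {rel: target} for an RFC 8288 Link header value.

    Simplified: assumes no commas or semicolons inside quoted parameter values.
    """
    links = {}
    for m in re.finditer(r'<([^>]*)>((?:\s*;\s*[^,;]+)*)', value):
        rel = re.search(r'\brel\s*=\s*"?([^";]+)"?', m.group(2), re.I)
        if rel:
            for name in rel.group(1).split():  # rel may list several types
                links[name.lower()] = m.group(1)
    return links

def check_sunset(status, headers, now=None):
    """Summarise sunset details of one API response, or None if there are none."""
    now = now or datetime.now(timezone.utc)
    hdrs = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    sunset_raw = hdrs.get("sunset")
    note_url = parse_link_header(hdrs.get("link", "")).get("sunset")
    if sunset_raw is None and note_url is None and status != 410:
        return None
    sunset_at = None
    if sunset_raw:
        try:
            sunset_at = parsedate_to_datetime(sunset_raw)  # Sunset carries an HTTP-date
            if sunset_at.tzinfo is None:
                sunset_at = sunset_at.replace(tzinfo=timezone.utc)
        except (TypeError, ValueError):
            sunset_at = None  # unparseable date: still report the notice
    return {
        "gone": status == 410,
        "sunset_at": sunset_at,
        "past_sunset": sunset_at is not None and sunset_at <= now,
        "note_url": note_url,
    }

if __name__ == "__main__":
    # Constructed sample response; the date and URL are placeholders.
    sample = {
        "Sunset": "Mon, 31 Dec 2018 23:59:59 GMT",
        "Link": '<https://example.com/sunset-note>; rel="sunset"',
    }
    print(check_sunset(410, sample))
```

Run the check on every API response in the client and log or alert whenever it returns a result, so a sunset is noticed before calls start failing.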
We'll provide another update as we make progress on the transition to let you know when the web hook header APIs have been removed.
If you have any questions or comments on this process, please get in touch! We're always happy to hear from our customers.